Speech by SEC Staff:
"Why Does Fraud Occur and What Can Deter or Prevent it?"

by

Lori Richards

Good morning. I'm pleased to be here today, and honored to have been asked to speak at this 32nd Annual Southwest Securities Enforcement Conference, sponsored by the Securities and Exchange Commission's Ft. Worth Office and by the Texas State Securities Board. In addition to being outstanding securities regulators, examiners and enforcers, these two regulatory organizations are also led by two outstanding women — Rose Romero and Denny Crawford. Perhaps it's something about Texas that grows accomplished, vibrant, highly-dedicated and exceedingly capable women. I'm pleased to be an honorary Texas woman and among their company, if just for today!

Before I begin, I must note that my remarks today represent my own views and not necessarily the views of the Commission, the individual Commissioners or my colleagues on the Commission staff.

As this conference is dedicated to discussion of enforcement of the securities laws, and many of you are civil and criminal prosecutors at the federal and state level, and most enforcement actions by federal and state regulators involve fraud of some type, I thought I would talk with you today about fraud. I want to share some of my thoughts about why fraud occurs and what steps can deter or prevent fraud from occurring in the first place. This is an enormous topic of course, and in my time with you this morning, I'll only just scratch the surface.

Not all fraud is alike, as I'm sure you all know, and it is caused by different factors and influences. What makes a person commit a fraud? It is individuals after all, who commit fraud. At the core of all fraud, even fraud by large corporate entities, there are decisions and actions by individuals. As such, the decision to bend or to break the rules is an innately personal one. So, my question, what makes a person commit fraud — is relevant in every instance. I think it's helpful for regulators to consider this question, as I think it can help us to identify factors that may make fraud more or less likely to occur. This is enormously important to us as regulators, as we have a profound interest in minimizing the instances of fraud and harm to investors.

First, let me tell you something about my perspective on this question. I started my career the SEC as an enforcement attorney, and spent nine years bringing securities enforcement cases of all types and involving all stripes of defendants. In many cases we brought enforcement action early in the fraud, and stopped it before it could continue to harm investors. The enforcement program at the SEC, led by my colleague, Linda Thomsen, is dedicated to the aggressive enforcement of the federal securities laws (Steve Koratash and Steve Webster are outstanding examples of that dedication here in Ft. Worth).

In 1995, I became the head of the SEC's examinations unit, the Office of Compliance Inspections and Examinations, a new office at that time. The examination program is comprised of over 800 examiners, accountants and lawyers across the country. Our job is to conduct examinations to identify compliance weaknesses, deficiencies and violations at SEC-registered firms. We also seek to help firms to improve their compliance controls for the protection of investors (Kim Garber has been an innovative leader of the Ft. Worth exam program, and active in our CCOutreach work here in this region).

An important function of examinations is to identify weaknesses in compliance and other internal controls that could allow fraud and other types of violations to occur down the road — and to ensure that firms' beef up their internal controls to prevent this from happening. In this way, examiners play a proactive role in the securities markets in helping to prevent problems from occurring at all. We examine all types of firms: very large firms with billions under management and very small one-person shops; investment advisers, brokers, mutual funds and transfer agents, and those that are joint and multiple registrants; firms that are focused on retail investors and those that only serve large institutional investors; and, firms with very strong controls to prevent violations and those with alarmingly weak controls. We conduct routine exams, sweep exams (focused on a particular compliance risk issue), and cause exams (often based on complaints or tips about wrongdoing at a particular firm).

Most examinations find deficiencies of some type, and are resolved via a non-public deficiency letter to the firm examined.1 The vast majority of firms take their compliance obligations seriously, and take corrective actions to address and correct the deficiency that the examinations identified.2 During a small number of examinations, examiners find indications of fraud. Examinations have detected frauds at their early "just-getting-started" stages, as well as when they are full-blown. In these instances, examination findings are turned over to enforcement staff, and examiners will often work closely with enforcement attorneys in their investigation.3 Examiners sometimes serve as witnesses in subsequent enforcement actions with respect to their examination findings.

So, to my question — why do people commit fraud? In each case of fraud, the outcome is deceit and often, harm to investors, but frauds may differ in how they get started and

what may motivate the person involved.4 I'd like to describe some types of frauds that I've seen, and also some actions and steps that I think may deter it or reduce the possibility that it will occur.

The "Grifter." There are frauds committed with intent from the outset, where the person sets out to steal money. These are frauds that are planned in advance, and where the person committing it is acting intentionally to defraud. As civil and criminal investigators and prosecutors, examples of this type of fraud are well-known to you. This type of person is often behind, for example, ponzi schemes, advance fee schemes, offering frauds with no product behind the pitch, and "pump and dump" schemes. In these situations, the person may be highly creative, cunning, and charming, and may have committed other frauds in the past. This is a committed fraudster.

What can minimize this type of fraud? Certainly, vigorous civil and criminal prosecution can deter it, and deter it from the securities industry. And, securities firms must do thorough background checks to ensure that they don't hire people who have been barred from the securities industry or will present a risk of harm to investors. As important, however, is an educated consumer who can avoid becoming a victim -- who can hang up on the boilerroom phone call, and throw out the mail or internet pitch. This is exactly the motivation behind the SEC's investor education efforts, and in particular, behind the concerted efforts by the SEC, state securities regulators and FINRA to educate seniors, who are often victim of this type of fraud, to protect themselves.5 (I know that Julie Preuitt is taking up this call and will focus on this type of preventative effort here in Ft. Worth). This is an important mission. Indeed, in just two weeks, the SEC will hold its 3rd "Senior Summit" meeting in Washington, D.C. — and one key aspect of this event will include advice to seniors about how to avoid being victims of scams. The SEC, FINRA and NASAA have also prioritized the protection of seniors in their examination and enforcement programs.

The "Borrower." Another type of fraud is committed by those who believe that they are merely "borrowing" money, and intend to pay it back. They may do it to cover a shortfall in the firm's revenues or to conceal less-than-expected performance results. For example, people who dip into clients' accounts in order to pay the firm's operating expenses, but who tell themselves that it's a temporary "loan" and they'll pay the funds back before the next account statement goes out. A variation on this example are those people who lie about their performance results for the current period, fully intending that they will "make up the difference" in the next period. These people may do this in order to conceal a losing trade or to meet the firm's or a client's expectations of higher returns than were actually made. For example, people may lie about meeting this quarter's earnings targets, or in this quarter's account statements sent to clients. People who do this may be embarrassed to admit the truth of the losing trade or sub-par performance.

We've all seen instances of this type of fraud — while the person may have intended to merely borrow the money or to make up the difference in account performance, almost inevitably, what happens is that the hole is not filled, the lie must be perpetuated, the pressure builds on the "borrower," he gets deeper and deeper into trouble, may take other actions to conceal the initial borrowing, like taking money from other accounts, trading excessively or taking on too much risk, or lying to auditors, and the fraud becomes much worse. It all starts with a single "borrowing." In these cases, the person may believe that they are only temporarily "bending" the rules, and be filled with good intentions to make it right down the road.

What can minimize this type of fraud? Eliminating the opportunity for it by having strong controls to prevent the initial "borrowing." Checks and balances are key to preventing this type of fraud -- separating functions so that the same person who is responsible for trading is not also reporting the results of that trading; having a third party prepare and send account statements to clients; making sure that customers are receiving these account statements and not falsified or doctored account statements; and having the auditor seek independent confirmations. Because this type of fraud sometimes comes to light when the person responsible is not around to conceal it, some firms have implemented a mandatory vacation policy.6 As examiners, we're particularly alert to this type of fraud at smaller firms that have a dominant control person who can override and overrule the firm's controls, at firms that create and send their own account statements to clients, and at firms of any size that have weak internal checks and balances.

Regulators and firms also may want to continue to remind employees of the importance of the highest level of integrity in the small decisions in life, in that small missteps can mushroom leading to personal and financial ruin. Reminding employees that people started down a dangerous path with what appeared to be a small indiscretion might contribute to building a culture of compliance.

The "Opportunist." Another type of fraud is committed by people who find themselves in a position to benefit, even though they did not seek out the opportunity to engage in fraud. This is the "open cash drawer" scenario. These people see an opportunity to make some easy money and they believe that the risks of detection are relatively low. They may not take a lot of time to consider the ramifications of acting on the opportunity, and they may not stand to make a lot of money. Examples of this are seen in insider trading cases involving people who otherwise may hold positions of respect and authority — corporate executives, lawyers, even compliance professionals. These are people who may not have sought out the material non-public information, but rather came into possession of it through their positions, and becoming opportunists, used that information to trade.

What can minimize this type of fraud? Deterrence is particularly important — the opportunist must believe that he or she runs a high risk of detection and punishment. When the opportunist is making a decision to act, he must remember the ramifications. This is why criminologists say that press photos of white collar criminal defendants arrested and in handcuffs are valuable as a deterrent. Civil enforcement cases involving insider trading, financial reporting and other violations are also incredibly important to send the message that fraud will be detected and prosecuted, and to leave a lasting impression when the opportunist is considering his/her risk of detection. In addition, opportunists must also face a credible risk of detection by their own firms' internal controls, and a risk of serious sanction. Firms must have internal supervisory, compliance and audit controls, and a program for addressing non-compliance that will discourage the opportunist when he or she is making the opportunistic decision to commit fraud.7

The "Crowd Follower." Another type of fraud is committed by people who believe that they're just going with the flow, acting in a way that is consistent with industry practice. These are people who may acknowledge when pressed that their actions were illegal or unethical but will say, in their defense, that "everyone is doing it." They may feel pressure to stay ahead or alongside of their competitors and they may really believe that their competitors are violating the law. Often, in these situations we find that competitors are not "all doing it," and that that statement was used as a canard to get people to go along with the action. Examples of this were seen in our market timing and late trading cases, where some people convinced themselves that their actions were acceptable because other industry participants were purportedly doing the same thing. A variation of this are people who believe that other employees in the company are acting in the same way, and that the fraudulent action is expected or will be tolerated. Examples of this are corporate employees who work in an environment that places pressure on them to make earnings projections and who may believe that "doing whatever it takes" to make the numbers is acceptable or even expected.

What can minimize this type of fraud? This type of fraud can be minimized within firms by having a strong Culture of Compliance — a culture that emphasizes from the top down doing what's right even if others are not. Having a Code of Ethics that specifically addresses this issue may help to discourage it. Also, I think that compliance and legal staff can actively shoot down rumors of "everyone's doing it" before they can get a foothold within the firm and be used to support illegal or unethical actions by the crowd followers. As regulators, we can help minimize it by speaking clearly about prohibited and permissible behavior, issuing interpretive guidance or rulemaking when necessary, and by making clear that illegal conduct will not be condoned by one, or more than one, market participant.

The "Minimizer." Another type of fraud is committed by people who know what they're doing is illegal or unethical, but who justify their actions by minimizing the impact. For example, these may be people who sell legitimate investment products, but to customers for whom they are unsuitable. They are motivated by the sales commission, winning the sales contest, or other remuneration. These people may minimize the harm they cause in selling a product with excessive fees or risk, because the customer is obtaining some real benefit from the investment product. Another example of "minimizing" behavior is by people who do not disclose material conflicts of interest or other material information, and may believe, with respect to their investors, clients and customers, that "what they don't know won't hurt them," thereby minimizing in their own minds the harm they cause. These people may not want to answer the client's questions as such discussion may risk losing the sale, the deal or the account. We've seen examples of this in many instances — such as the investment adviser who does not disclose his revenue-sharing arrangement or his use of his client's soft dollars, and the broker who doesn't tell his customer about penalties that will be imposed on the customer for selling a security early (contingent deferred sales loads). While they may minimize it in their own minds, these people can do enormous harm.

What can minimize this type of fraud? This is a particularly insidious type of fraud. These people are perhaps less likely to be deterred by public enforcement action because they have a tendency to minimize their conduct and therefore may not see their conduct mirrored in SEC, FINRA or state enforcement cases. Because this type of fraud often involves non-disclosure, the client may not know what information is not being provided. To prevent this type of fraud, firms need to be aggressive in ensuring that their salesperson has made full disclosure, and the best preventative measure is disclosure to the client or customer in writing and in plain English.8 And, firms can check and double-check advertisements and marketing materials provided to investors for accurate and full disclosure. Regulatory examiners also spend a fair amount of time searching for non-disclosures or inadequate disclosures in our examinations of investment advisers and broker-dealers, and I think we must continue to do so, to minimize this type of fraud by "minimizers."

***

I'm sure that there are other types of fraudsters than these, but these types — the "Grifter," the "Borrower," the "Opportunist," the "Crowd-Follower" and the "Minimizer" are examples of those that I have encountered. What's critical in this analysis is to identify the measures and steps that we can take to prevent these types from doing damage to firms and to investors. For firms, while implementing preventative measures has costs, I hope that firms would consider the costs of not doing so. While no exact measure of the amount of money lost by investors to fraud is available, according to NASAA, each year investors lose billions of dollars due to fraud.9 In addition, other studies find that U.S. organizations (of all types, not just securities firms) lose 7% of their annual revenues to fraud.10 In addition to the direct costs of fraud, the indirect cost is loss of investor confidence and respect for market participants. Clearly, the benefits of prevention outweigh the costs.

For us as regulators, our three-fold efforts should be seen as a common attack on fraud. First, we seek to educate investors to protect themselves against fraud, second, we conduct regulatory examinations to ensure that firms have robust compliance systems to prevent and detect fraud and other violations, and finally, we aggressively prosecute securities fraud, working together with criminal prosecutors. Your work, collectively and individually, in this fight against fraud could not be more important.

I've enjoyed speaking with you today, and I hope that this Conference will help you to further our collective goals.

Endnotes

1 In fiscal 2007, for example, approximately 70% of all examinations resulted in a deficiency letter as the primary outcome.

2 In fiscal 2007, for example, 94% of firms that received a deficiency letter responded that they would take corrective action with respect to all of the deficiencies found.

3 In fiscal 2007, for example, approximately 6% of adviser examinations, and 14% of broker-dealer examinations had serious findings and were referred to enforcement staff. Many of these included indications of fraud.

4 The well-known "fraud triangle" is often used to explain why otherwise law-abiding people commit fraud. According to this model, there are three factors that must exist for a normal person to commit fraud: pressure (e.g., financial need, avoiding embarrassment or loss of status); opportunity (and a perceived low risk of detection); and rationalization (the ability to avoid feeling guilty by finding conduct acceptable or justifiable). See, Statement on Auditing Standards No. 99, Consideration of Fraud in a Financial Statement Audit, and "Understanding Why Employees Commit Fraud," Association of Certified Fraud Examiners (2003).

6 A recent report by the Association of Certified Fraud Examiners (ACFE) found that the controls associated with the largest reductions in losses to companies due to fraud were surprise audits and job rotations or mandatory vacations for employees. Further the report found that the implementation of anti-fraud controls appears to have a measurable impact on an organization's exposure to fraud. ACFE "2008 Report to the Nation on Occupational Fraud and Abuse" http://www.acfe.com/rttn/2008-rttn.asp. See also "Unauthorized Proprietary Trading: Sound Practices for Preventing and Detecting Unauthorized Proprietary Trading" FINRA Regulatory Notice, 08-18 (April 2008) http://www.finra.org/web/groups/rules_regs/documents/notice_to_members/p038276.pdf.

7 Registered investment advisers and broker-dealers must implement adequate supervisory and compliance controls. The SEC's "Compliance Rule" (Rule 206(4)-7 under the Advisers Act and Rule 38a-1 under the Investment Company Act) requires that funds and advisers adopt and implement written policies and procedures reasonably designed to prevent violations of the federal securities laws, review those policies and procedures annually for their adequacy and the effectiveness of their implementation, and designate a chief compliance officer to be responsible for administering the policies and procedures. Similarly, broker-dealers may be sanctioned if they fail to reasonably supervise a supervised person who commits a violation of the federal securities laws (Section 15(b)(4)(E) of the Exchange Act). SRO rules require that broker-dealers have an annual certification that: the firm has processes in place to establish, maintain, and review policies and procedures reasonably designed to achieve compliance with applicable SRO rules and federal securities laws and regulations and to modify such policies and procedures as business, regulatory, and legislative changes and events dictate (NASD Rule IM-3013 and NYSE Rule 342.30(e)).

8 See "A Plain English Handbook, How to Write Clear SEC Disclosure Documents" by the SEC's Office of Investor Education and Assistance (updated in 2001) http://www.sec.gov/pdf/handbook.pdf. The SEC has proposed to require that investment advisers provide clients and prospective clients with a brochure written in plain English. The brochure is intended to provide clients and prospective clients with clear, current, and more meaningful disclosure of the business practices, conflicts of interest, and background of investment advisers and their advisory personnel , IA-2711, March 3, 2008 http://www.sec.gov/rules/proposed/2008/ia-2711.pdf.